2002-0063659



(54) Apparatus and Method for Preventing Copy of Digital Contents

[Abstract]

The present invention relates to an apparatus and method for effective prevention of illegal
copy of digital contents provided to clients. In the invention, an authentication server generates a
service subscription key based on user information from a client who accessed through a network
and information about a digital content service server, and a user access key for decrypting a digital
content file that is encrypted with system information of a client's terminal. The digital content
service server generates a file encryption key through a multi-stage encryption of the service
subscription key to encrypt a digital content file and provides it to a client. The client generates a
file decryption key through the multi-stage encryption and decryption of the user access key to
decrypt the encrypted digital content file. In addition, the present invention adopts the twofish
algorithm for generating the service subscription key, the file encryption key and the file decryption
key.

Representative Figure: Fig. 1

Key words

digital content, authentication server, copy, system information, file encryption key, file decryption
key, twofish algorithm
Specification

Brief Description of Drawings

Fig. 1 is a schematic block diagram of an apparatus for preventing illegal copy of digital contents in
accordance with the present invention.

Fig. 2 is a schematic view of the service subscription flow for a client.

Fig. 3 is a schematic view of a twofish block encryptor.

Fig. 4 is a schematic view of the service subscription cancellation for a client.

Fig. 5 is a schematic view of the digital content file receiving flow for a client.

Fig. 6 is a drawing showing a header configuration of an encrypted digital content file.

Fig. 7 is a flow chart for performing the digital content copy prevention in accordance with the
present invention.

Fig. 8 is a flow chart for performing the generation of a file encryption key for digital content file
encryption.

Fig. 9 is a flow chart for performing the generation of user access information with an
authentication server.

Fig. 10 is a flow chart for performing the decryption of a digital content file in accordance with the
present invention.

<Description of Reference Numerals for Main Parts of the Drawings>
100: authentication server
102: digital content service server
104: client
106: client information database
108: digital content information database
110: authentication information database


Detailed Description of the Invention
Objective(s) of the Invention

Technical Field of the Invention and Related art

The present invention relates to an apparatus and method for preventing illegal copy of digital
contents, more specifically, to an apparatus and method for preventing illegal copy of digital
contents to effectively prevent illegal copy of digital contents provided to clients.

Modern people are flooded with information that comes through all kinds of media such as
broadcasts, publications, and the like. There are now information providers who intend to
integrate the information provided through all kinds of media and provide it at once, and there are
users who want to selectively get only desired contents out of digital contents that are provided by
the information providers.

Accordingly, there came digital content transmission systems composed of information providers
who convert all kinds of information into digital contents and store the digital contents to provide
them to individual users, and users who get digital contents from the information providers through
a network.

Such a digital content transmission system provides users with an application program through
which anyone can easily download digital contents.
In addition, a user who has accessed such a digital content transmission system via a network can
get all the information he or she desires through the downloaded application program.

Those digital contents from the digital content transmission systems are provided with or without
charge to users.

Digital content transmission systems set a service fee for a charged digital content.
When a user receives a digital content with a service fee set for it, a service server adds up service
fees according to the user's information use volume and charges it to the user.

However, when users access a system that provides digital contents commercially using a
network and receive a digital content they should pay for, most of them give away the charged
digital content as a crack to others without permission.

Besides, although damages on providers because of the use of copies of digital contents are serious,
it is not possible to completely prevent them.

Technical Task to be Achieved by the Invention

Therefore, the present invention is devised to solve general problems of the related art, by providing
an apparatus and method for preventing copy of digital contents to encrypt digital content files with
a file encryption key that is generated through multi-encryption.

Also, another object of the present invention is to provide an apparatus and method for preventing
copy of digital contents to generate a user access key used for decrypting an encrypted digital
content file based on system information of a client terminal.

Construction and Operation of the Invention 

To achieve the above described objects, an authentication server of the present invention generates a
service subscription key based on user information from a client who accessed through a network
and information about a digital content service server, and a user access key for decrypting a digital
content file that is encrypted with system information of a client's terminal.

A digital content service server generates a file encryption key through a multi-stage encryption of
the service subscription key to encrypt a digital content file and provides it to a client.

In addition, a client generates a file decryption key through the multi-stage encryption and
decryption of the user access key to decrypt the encrypted digital content file.

Also, the present invention uses the twofish algorithm for generating the service subscription key,
the file encryption key and the file decryption key.

Hereinafter, a preferred embodiment of an apparatus and method for preventing illegal copy of
digital contents according to the present invention will be explained in detail.

Fig. 1 is a schematic block diagram of an apparatus for preventing illegal copy of digital contents in
accordance with the present invention. Fig. 2 is a schematic view of the service subscription flow
for a client, and Fig. 3 is a schematic view of a twofish block encryptor.
Fig. 4 is a schematic view of the service subscription cancellation for a client. Fig. 5 is a
schematic view of the digital content file receiving flow for a client, and Fig. 6 is a drawing
showing a header configuration of an encrypted digital content file.

As shown in Fig. 1, the present invention is configured by including an authentication server (100),
a digital content service server (102), a client (104), a client information database (106), a digital
content information database (108) and an authentication information database (110).

Here, the authentication server (100) is configured to generate a seed key (Cap ID) for encryption of
a digital content file provided through the digital content service server (102) and for generation of
file use access information for the client (104).

Here, the seed key (Cap ID) is a service subscription key for receiving digital content information,
or receiving service to decrypt an encrypted digital content.

Also, for decryption of an encrypted digital content file, the authentication server (100) is
configured to encrypt the seed key (Cap ID) and system information of the client (104) by a
predetermined encryption algorithm, thereby generating a digital content file use access key
(hereinafter, referred to as a token), and to transmit the generated token to the client (104).

Here, the system information of the client (104) for token generation is composed of CPU size,
count number and page size information of hard disks and so on. Moreover, the encryption
algorithm adopted for token generation is the twofish algorithm.

The digital content service server (102) is configured to generate a file encryption key (FKey1)
through four-stage encryption of the seed key (Cap ID) that is transmitted from the authentication
server (100) using the twofish algorithm.

The client (104) is configured to store the transmitted token from the authentication server (100) in
a registry, which is a storage region inside a terminal, and to decrypt an encrypted digital content file
by generating a file decryption key (FKey2) corresponding to the file encryption key (FKey1)
through encryption and decryption in accordance with the token and the encrypted digital content
file header information that is downloaded from the digital content service server (102).

Here, the present invention uses the twofish algorithm for key encryption/decryption during the
generation of the file encryption key (FKey1).

The client information database (106) is configured to store user information of the client (104) and
a corresponding seed key (Cap ID), and the digital content information database (108) is configured
to store digital content information that is classified depending on the file ID.

Furthermore, the authentication information database (110) is configured to store a relevant service
subscription key of the client (104), that is, the seed key (Cap ID).

Operations of the thusly configured digital content copy prevention apparatus according to the
present invention are now explained as follows, with reference to the accompanying drawings.

First, the service subscription procedure of the client (104) for receiving a digital content file from the
digital content service server (102) is explained with reference to Fig. 2.

The client (104) downloads a digital content run program to run a digital content file that is
transmitted from the digital content service server (102) and installs the digital content run
program by executing the downloaded run program.

At this time, it is obvious that not only can downloading of the digital content run program be
executed as part of the service subscription procedure, but the program can also be downloaded prior to
the service subscription.

Here, the digital content run program includes an MP3 player, a media player, or a real player, etc.

Next, the client (104) accesses the digital content service server (102) through an internet
connection, for example, a network, inputs user information (S200) and requests service
subscription (S202).

Here, user information includes at least the name of the client (104), ID, password and resident
registration number.

The digital content service server (102) stores, in the client information database (106), the user
information inputted from the client (104), and requests authentication user registration by
transmitting the resident registration number, the client's name (or ID) or the password and a digital
content service server number (SP_NO) to the authentication server (100) (S204).

Here, the digital content service server number (SP_NO) is information for distinguishing servers in case
there are plural digital content service servers networked to the authentication server (100).

The authentication server (100) generates a seed key (Cap ID) for authentication user registration
requested from the digital content service server (102).

That is, the authentication server (100) performs encryption, as shown in Eq. 1, of the service
providing server number (SP_NO), the resident registration number and the client's name that are
transmitted from the digital content service server (102) with a first setup key (auLKey) in
accordance with the twofish algorithm, and generates a seed key (Cap ID) (S206).

Here, a predetermined programmed key value may be set as the first setup key (auLKey).

Eq. 1

Cap ID = E_{auLKey}[ SP_NO(4) || resident registration number(13) || client's name(30) ]

where the numerals in round brackets are lengths in bytes, the predetermined key value (auLKey)
is a predetermined value given by a programmer for encryption, and E is the abbreviation for
Encryption.

Here, the twofish algorithm is an algorithm adopted from AES (Advanced Encryption Standard)
published by NIST under the United States Department of Commerce for replacement of data
encryption standards.

The twofish algorithm is a 128-bit symmetrical block encryptor, has a variety of key lengths such as
128 bits, 192 bits, 256 bits and the like, and is efficient for diverse software and hardware platforms.

In addition, a twofish block encryptor as shown in Fig. 3 has a 16-round feistel network
configuration along with a bijective function f, and includes an additional whitening section at its
input/output unit.
Here, the feistel network is configured by including plural S-boxes, an MDS matrix and a PHT.

A cipher text generation procedure by the twofish block encryptor with the above-described
configuration is now explained roughly.

An original text consists of four 32-bit words, which are XORed with four key
words in the input whitening step. Then 16 rounds are performed sequentially, and in each round
two keys on the left side are used as an input for the function g, the most crucial part of twofish.

The function g is composed of four byte-wide keys and four key independent S-boxes, and a linear
mixing step based on the MDS matrix is carried out. Results of the two functions g are combined
using the PHT, and two key words are added.

These two results are then XORed with the words on the right side (first, one of them
rotates to the left by 1 bit, and the other rotates later to the right).

Next, for the next processing phase, the left half and the right half are exchanged, and in
the final processing phase, at the end of all processing phases, the exchange is reversed.

Finally, the four words are XORed with four more words to generate a cipher text.
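
The seed-key construction of Eq. 1 and the 16-round Feistel structure described above, as an added example that is not part of the patent text. Twofish is not in the Python standard library, so a stand-in Feistel cipher with an HMAC-SHA256 round function replaces it; the field encodings, zero padding to a block multiple, block-by-block encryption, the key and the subscriber values are all assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16    # 128-bit block, the block size the text gives for twofish
ROUNDS = 16   # 16-round Feistel network, as in the text

# Constructed sample key standing in for the programmer-set auLKey.
SAMPLE_AU_L_KEY = bytes(range(16))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Stand-in round function (HMAC-SHA256 cut to 64 bits), not twofish's g/PHT."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    """One block through the network: F(left) is XORed into right, then halves swap."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in round_order:
        mask = _round_fn(key, rnd, left)
        right = bytes(a ^ b for a, b in zip(right, mask))
        left, right = right, left
    return right + left  # the exchange of the final round is reversed


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(_feistel(key, b, range(ROUNDS)) for b in _blocks(data))


def decrypt(key: bytes, data: bytes) -> bytes:
    # Same network with the round order reversed.
    return b"".join(_feistel(key, b, reversed(range(ROUNDS))) for b in _blocks(data))


def _field(value: str, width: int) -> bytes:
    """Fixed-width field, NUL-padded on the right (encoding is an assumption)."""
    raw = value.encode("utf-8")
    if len(raw) > width:
        raise ValueError(f"field longer than {width} bytes")
    return raw.ljust(width, b"\x00")


def pack_eq1(sp_no: int, resident_no: str, name: str) -> bytes:
    """SP_NO(4) || resident registration number(13) || client's name(30)."""
    if not 0 <= sp_no <= 9999:
        raise ValueError("SP_NO must fit in 4 decimal digits")
    if not (resident_no.isascii() and resident_no.isdigit() and len(resident_no) == 13):
        raise ValueError("resident registration number must be 13 digits")
    body = _field(f"{sp_no:04d}", 4) + _field(resident_no, 13) + _field(name, 30)
    # 47 bytes of fields; zero-padded to 48 so it splits into 128-bit blocks.
    return body.ljust(-(-len(body) // BLOCK) * BLOCK, b"\x00")


def unpack_eq1(plain: bytes):
    """Inverse of pack_eq1 for a decrypted seed key."""
    return (int(plain[:4]), plain[4:17].decode("ascii"),
            plain[17:47].rstrip(b"\x00").decode("utf-8"))


def make_cap_id(au_l_key: bytes, sp_no: int, resident_no: str, name: str) -> bytes:
    """Cap ID = E_auLKey[SP_NO || resident registration number || client's name]."""
    return encrypt(au_l_key, pack_eq1(sp_no, resident_no, name))


if __name__ == "__main__":
    # Constructed subscriber record, not real data.
    cap_id = make_cap_id(SAMPLE_AU_L_KEY, 1, "0000001234567", "Hong Gildong")
    print("Cap ID:", cap_id.hex())
    print("recovered:", unpack_eq1(decrypt(SAMPLE_AU_L_KEY, cap_id)))
```

Because E is a keyed, reversible transform with no random input, the same subscriber and server number always yield the same Cap ID, and the packed fields come back out under auLKey, as the round trip at the end shows.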
The authentication server (100) generates a user authentication registration complete message 
(S208) and transmits, to the digital content service server (102), a seed key (Cap ID) generated by 
the twofish algorithm that performs the operations described above and the message (S210). 

The digital content service server (102) stores the seed key (Cap ID) from the authentication server
(100) in the client information database (106) (S212), generates a service subscription complete
message (S214) and transmits it to the client (104) (S216).

Next, the process in response to a service subscription cancellation request from the client (104) is
explained, with reference to Fig. 4.

First, the client (104) inputs user information, namely, resident registration number and password
(S400) and transmits a service subscription request signal to the digital content service server (102)
(S402).

The digital content service server (102) compares the resident registration number and password
from the client (104) with client information stored in the client information database (106) to
decide if the client (104) is a service subscriber (S404).

If the client (104) is a service subscriber, the digital content service server (102) searches a seed key
(Cap ID) of the client (104), and transmits the digital content service server number (SP_NO), the
resident registration number and the seed key (Cap ID) to the authentication server (100), thereby
requesting (S408) the cancellation of user authentication (S406).

The authentication server (100) searches the authentication information database (110) in
accordance with a user authentication cancellation request signal from the digital content service
server (102) and decides if the client (104) is an authenticated user (S410).

If the client (104) is an authenticated user, the authentication server (100) deletes user authentication
information of the client (104) to thus cancel user authentication (S412), and transmits the
generated user authentication cancellation complete message to the digital content service
server (102) (S414).

The digital content service server (102) generates a service subscription cancellation complete
message according to the user authentication cancellation complete message from the authentication
server (100) (S418), and transmits the generated service subscription cancellation complete message
to the client (104) to complete the cancellation of service subscription of the client (104) (S420).

Next, the process of how the client (104) having completed service subscription receives and
executes a digital content file from the digital content service server (102) is explained, with
reference to Fig. 5.

First, the client (104) accesses the digital content service server (102) through the network and logs
on by inputting ID and password. Then, the client (104) inputs a file request signal for selecting
one of a variety of digital content files being provided (S500).

The digital content service server (102) compares the ID and the password inputted by the client
(104) with the relevant information stored in the client information database (106) to decide if the
service subscription should be done (S502).

If the client (104) is a service subscriber, the digital content service server (102) generates a file key
(FKey1) for encrypting a corresponding digital content file requested by the client (104) (S504).

That is, the digital content service server (102) performs the multi-stage encryption for the seed key
(Cap ID) and the user information of the client using the twofish algorithm to generate a file
encryption key (FKey1), as explained in detail hereinafter.

First, the digital content service server (102) encrypts the seed key (Cap ID) of the client (104) that
is stored in the client information database (106) using a second setup key (asUkey) to generate a
first file encryption key (DasUKey1).

At this time, the second setup key (asUkey) may be identical to or different from
the first setup key (auLKey) given during the generation of the seed key (Cap ID).

Next, the digital content service server (102) generates, as shown in Eq. 2, a second file encryption
key (UKey1), which is an initial encryption key for generating the file encryption key (FKey1), by
encrypting the digital content service server number (SP_NO), the resident registration number and
the stream of the seed key (Cap ID) using the first file encryption key (DasUKey1).

Eq. 2

UKey1 = E_DasUKey1 [SP_NO (4) || resident registration number (13) || Cap ID (16)]

wherein E stands for encryption, the twofish algorithm was adopted as the algorithm for
encryption, and the numerals in round brackets stand for byte numbers.

Moreover, the digital content service server (102) encrypts a random value of the digital content
service server (102) in accordance with a predetermined key value (auPKey) and generates a third
file encryption key (DauFKey1).

Here, the random value of the digital content service server is selected at random by a certain
program and consists of 16 bytes.

Next, the digital content service server (102) encrypts, as shown in Eq. 3, the second file
encryption key (UKey1), a selected digital content file ID and the digital content service server's
random value using the third file encryption key (DauFKey1) to generate a file encryption key
(FKey1).

Eq. 3

FKey1 = E_DauFKey1 [UKey1 (16) || file_ID (8) || digital content service server random (8)]

wherein the numerals in round brackets stand for byte numbers, the digital content service server
random value is selected at random by a certain program, and E stands for encryption.

The digital content service server (102) encrypts a digital content file that is requested by the client
(104) using the file encryption key (FKey1) that is generated through the multi-stage encryption and
transmits it to the client (104).

At this time, the digital content file that is encrypted and transmitted to the client (104) has a header
with the configuration shown in Fig. 6.

Referring to Fig. 6, header information of the digital content file includes a digital content service
server number field (600), a file description field (602), a file type field (604), a file ID field (606),
a client (104) name field (608), a first preliminary flag field (610), a target encryption file's total
size field (612), a digital content file's total size field (614) including header, body and extension
flag, an encrypted file's total size field (616), a checksum field (618) of a target encryption file for
error detection, a second preliminary flag field (620), a service server random field (622), a file
encryption key verification value (KVC) field (624), a third preliminary flag field (626) and a
checksum field (628) for error detection of the file header.

Here, the verification value (KVC) of the file encryption key verification value field (624) is
generated by encrypting a 16-byte null with the previous file encryption key, and the digital content
service server (102) verifies if the generated file encryption key (FKey1) is valid by comparing the
file encryption key (FKey1) that has been generated for file encryption with the verification value
(KVC).

The client (104) downloads a digital content file including a header with the above described
configuration and performs decryption to run the digital content file.

That is, the client (104) extracts system information to generate a decryption key of the downloaded
digital content file and transmits a token request signal including the extracted system information.

In addition, the system information is information about the system of a client who requested a
token and contains kind of CPU, count number, hard disk's page size, etc.

The authentication server (100) encrypts, as shown in Eq. 4, the service providing server number,
the resident registration number and the system information transmitted from the client (104) with
the first setup key (auLKey) and generates a first token key (LKey1).

Eq. 4

LKey1 = E_auLKey [system information (16)]

wherein E stands for encryption, the twofish algorithm was adopted as the algorithm for
encryption, and the numerals in round brackets stand for bytes.

The authentication server (100) encrypts a 16-byte random value of the authentication server (100)
using the generated first token key (LKey1) and generates a second token key (SLKey1). At this
time, the authentication server (100) verifies validity by comparing a verification value that is
generated by encrypting a 16-byte null with a previous second token key with the generated second
token key (SLKey1).

Here, the random value of the authentication server (100) is randomly selected in the authentication 
server (100) through a certain program. 

The authentication server (100) encrypts a 16-byte second file encryption key (UKey1) that is
generated with the seed key (Cap ID) of the client (104) using the second token key (SLKey1) and
generates a third token key (EncUKey1).

Here, since the second file encryption key (UKey1) is generated through the same procedure by the
digital content service server (102), no detailed explanation will be provided.

The authentication server (100) transmits, to the client (104), a token that is configured in the form
[digital content encryption server random (16) || third token (16)], that is, the 16-byte
authentication server random value added to the third token key (EncUKey1).

At this time, the token is downloaded and stored in a storage region of a terminal and may be
configured to limit the number of downloads of the token.

The client (104) extracts system information of the terminal, encrypts the extracted system
information with a predetermined key value (auLKey) and generates a first decryption key (LKey2).

Moreover, the client (104) encrypts a random value in the token with the first decryption key
(LKey2) and generates a second decryption key (SLKey1).

Here, the first decryption key (LKey2) and the second decryption key (SLKey2) that are generated
by the client (104) are the same as the first token key (LKey1) and the second token key (SLKey1)
that are generated by the authentication server (100), and their generation procedures are also
identical with each other.

The client (104) decrypts a third token key (EncUKey1) with the second decryption key (SLKey2)
and generates a third decryption key (UKey2). It is obvious that the third decryption key (UKey2)
is the same key as the second file encryption key (UKey1).

Furthermore, the client (104) encrypts the service providing server random extracted from an
encrypted digital content file header with the third setup key (auFKey) and generates a fourth file
key (DauFKey).

At this time, the third setup key (auFKey) may be configured identically with or differently from the
first setup key (auLKey) or the second setup key (asUKey).

The client (104) generates, as shown in Eq. 3, a file decryption key (FKey2) by encrypting the file
ID extracted from an encrypted digital content file, the digital content service server random, the
third decryption key (UKey2) and the fourth file key (DauFKey).

At this time, the client (104) verifies validity by comparing a verification key value in the
downloaded digital content file header with the generated file decryption key (FKey2).

The client (104) uses the generated file decryption key (FKey2) to decrypt an encrypted digital
content file and runs the digital content file with a run program.

Here, it is obvious that the file decryption key (FKey2) is the same as the file encryption key
(FKey1) that the digital content service server (102) uses to encrypt a digital content file.

The following now explains, with reference to Fig. 7, the performance procedure of the digital
content copy prevention apparatus of the present invention with the above described structure.

Fig. 7 is a flow chart for performing the digital content copy prevention in accordance with the
present invention.

First, the digital content service server (102) transmits, to the authentication server, a service
subscription request signal in accordance with user information input, etc., from the client (104)
who accessed through the network, and the authentication server (100) generates a seed key based
on the user information and transmits it to the digital content service server (102) (S700).

The digital content service server (102) performs the multi-phase encryption of the seed key (Cap
ID) to generate a file encryption key (FKey1) and encrypts a digital content file requested by the
client (104) with the generated file encryption key (FKey1) (S702).

Next, the authentication server (100) transmits a user access key (token) which is generated through
the multi-phase encryption of system information of the client (104) terminal to the client (104)
(S704).

Here, the system information is specific information for the client (104) terminal, and the token that
is generated based on the system information conveys particular features for each client terminal.

The client (104) uses the token to generate a file decryption key (FKey2) through encryption and
decryption and decrypts an encrypted digital content file with the file decryption key (FKey2)
(S706).

At this time, the algorithm used in encryption and decryption for generating a seed key, a file
encryption key, a token and a file decryption key is the twofish algorithm.

In addition, the decrypted digital content file is run by a proper run program that is installed in the
client (104) terminal.

The following now explains, with reference to Fig. 8, the file encryption key generation procedure
during the digital content copy prevention procedure according to the present invention with the
above described configuration.

Fig. 8 is a flow chart for performing the generation of a file encryption key for digital content file
encryption.

The digital content service server (102) encrypts a seed key from the authentication server (100)
with a predetermined key value, for example one hard-coded in the code by a programmer, to
generate a first file encryption key (DasUKey1) (S800).

Next, it encrypts the seed key, resident registration number of the client (104) and the
digital content service server number with the first encryption key (DasUKey1) and generates a
second file encryption key (UKey1) (S802).

It generates a third file encryption key (DauFKey1) by encrypting a random value of the digital
content service server, which is selected at random by a certain program, with the second file
encryption key (UKey1) (S804).

It also encrypts a digital content service server random value that is set at random by a certain
program with the second file encryption key (UKey1) and generates a file encryption key (FKey1)
(S806).

Next, it compares a file encryption key verification key value (KVC) that is obtained by encrypting
a null function with a previous file encryption key with the file encryption key (FKey1) and verifies
if the generated file encryption key (FKey1) is valid (S808).

It encrypts a digital content file with the file encryption key (FKey1) whose validity is verified and
transmits it to the client (104) (S810).

Here, the algorithm used in encryption for generating the first through third file encryption keys
and the file encryption key is the twofish algorithm.

Moreover, the procedure for generating user access information, that is, token, of Fig. 7 is now
explained in more detail with reference to accompanying drawings.

Fig. 9 is a flow chart for performing the generation of user access information with the
authentication server.

First, the authentication server (100) encrypts system information from the client (104) with a
predetermined key value (auLKey) to generate a first token key (LKey1) (S900), and encrypts a
random value of the authentication server (100) with the generated first token key (LKey1) to
generate a second token key (SLKey1) (S902).

Next, it encrypts the second file encryption key (UKey1) that is generated with the seed key (Cap
ID) through the second token key (SLKey1) and generates a third token key (EncUKey1) (S904).

Here, since the second file encryption key (UKey1) is generated through the same procedure in Fig.
8, no detailed description will be provided.

The authentication server (100) generates a token in form of the addition of a 16-byte random value
to the generated third token key (EncUKey1) and transmits it to the client (104) (S906).

The decryption procedure of a digital content file encrypted by the client is now explained in detail
with reference to Fig. 10.

Fig. 10 is a flow chart for performing the decryption of a digital content file in accordance with the
present invention.

The client (104) extracts system information of a terminal and encrypts the extracted system
information with a predetermined key value (auLKey) to generate a first decryption key (LKey2)
(S1000).

Next, it encrypts a random value in the token, which has been transmitted from the authentication
server (100) and stored in a certain storage region of the terminal, with the first decryption key
(LKey2) and generates a second decryption key (SLKey2) (S1002).

It decrypts the third token key (EncUKey1) in the token with the second decryption key
(SLKey2) to generate a third decryption key (UKey2) (S1004), and determines the validity of the
third decryption key (UKey2) by comparing the generated third decryption key (UKey2) with a
verification key value (KVC) (S1006).

Here, the verification key value (KVC) is a key value generated through the encryption of a null
composed of only '0' bytes with the previous third decryption key (UKey2).

It encrypts a random value in the token with the third decryption key (UKey2) that is
generated from the previous step (S1004) and generates a fourth decryption key (DauFKey2)
(S1008).

Next, it encrypts the third decryption key (UKey2), the file ID, and the random value with the
fourth decryption key (DauFKey2) to generate a file decryption key (FKey2) (S1010), and verifies
validity of the file decryption key (FKey2) by comparing it with a verification key value (KVC) of a
stored digital content file header (S1012).

It decrypts a digital content file that is encrypted with the valid file decryption key (FKey2) and
runs the digital content file by a corresponding run program installed in the terminal (S1014).

Here, it is obvious that the third decryption key (UKey2) is identical with the second file encryption
key (FKey1), and the file decryption key (FKey2) is identical with the file encryption key (FKey1).
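
The token issue and recovery steps of Figs. 9 and 10 (S900 to S906 and S1000 to S1006), as an added example that is not code from this document: it shows that a token issued for one terminal's system information fails the KVC check on another terminal. Assumptions: AES-128 from the Go standard library stands in for twofish, every key and input is a constructed 16-byte value, and the KVC of UKey1 is assumed to reach the client alongside the token.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrKVCMismatch means the recovered key does not match its verification value.
var ErrKVCMismatch = errors.New("recovered key fails KVC check")

// block encrypts or decrypts one 16-byte block under a 16-byte key.
// AES-128 is a stand-in for twofish (assumption of this example).
func block(key, in []byte, decrypt bool) ([]byte, error) {
	if len(key) != 16 || len(in) != aes.BlockSize {
		return nil, errors.New("key and input must both be 16 bytes")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// KVC returns the key verification value: a 16-byte null encrypted under key.
func KVC(key []byte) ([]byte, error) { return block(key, make([]byte, 16), false) }

// IssueToken is the authentication-server side (S900 to S906).
// It returns random (16) || EncUKey1 (16).
func IssueToken(auLKey, sysInfo, random, uKey1 []byte) ([]byte, error) {
	lKey1, err := block(auLKey, sysInfo, false) // S900: first token key
	if err != nil {
		return nil, err
	}
	slKey1, err := block(lKey1, random, false) // S902: second token key
	if err != nil {
		return nil, err
	}
	encUKey1, err := block(slKey1, uKey1, false) // S904: third token key
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, random...), encUKey1...), nil // S906
}

// RecoverUKey is the client side (S1000 to S1006). It rebuilds the key chain
// from the local system information and checks the result against the KVC.
func RecoverUKey(auLKey, sysInfo, token, kvc []byte) ([]byte, error) {
	if len(token) != 32 {
		return nil, errors.New("token must be 32 bytes")
	}
	random, encUKey1 := token[:16], token[16:]
	lKey2, err := block(auLKey, sysInfo, false) // S1000
	if err != nil {
		return nil, err
	}
	slKey2, err := block(lKey2, random, false) // S1002
	if err != nil {
		return nil, err
	}
	uKey2, err := block(slKey2, encUKey1, true) // S1004
	if err != nil {
		return nil, err
	}
	got, err := KVC(uKey2) // S1006
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(got, kvc) != 1 {
		return nil, ErrKVCMismatch
	}
	return uKey2, nil
}

func main() {
	// All values below are constructed for illustration.
	auLKey := []byte("constructed-key!")
	termA := []byte("CPU=x;CNT=1;PG=4")
	termB := []byte("CPU=y;CNT=2;PG=8")
	random := bytes.Repeat([]byte{0xA5}, 16)
	uKey1 := bytes.Repeat([]byte{0x3C}, 16)
	token, _ := IssueToken(auLKey, termA, random, uKey1)
	kvc, _ := KVC(uKey1)
	uKey2, errA := RecoverUKey(auLKey, termA, token, kvc)
	_, errB := RecoverUKey(auLKey, termB, token, kvc)
	fmt.Println("terminal A recovers UKey1:", errA == nil && bytes.Equal(uKey1, uKey2))
	fmt.Println("terminal B:", errB)
}
```

Because the client derives LKey2 from a predetermined key and locally readable system information, the binding is only as strong as the protection of those two inputs on the terminal.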

Effects of the Invention 

The apparatus and method for preventing copy of digital contents according to the present invention
generate, through the multi-stage encryption procedure, a file encryption key for encrypting digital
contents, user access information for downloading a digital content file or for decrypting a
downloaded digital content file and a file decryption key.

Therefore, according to the present invention, since the file encryption key, the user access
information and the file decryption key are generated through the multi-stage encryption procedure,
decoding those keys is almost impossible, so copying of digital content files can be prevented.

In addition, since the user access information is generated with a key value contained in the system
information of a terminal, the present invention can also be effective for prevention of copy of
downloaded content files on the client terminal to another terminal.



(57) What is claimed is:

1. A method for preventing copy of digital content files by an authentication server accessed
to a digital content service server through a network, with the digital content service server
providing an encrypted digital content file to a client, comprising the steps of:

generating a service subscription key based on user information from the client and
transmitting it to the digital content service server; and

generating a user access key based on system information of the client terminal and
transmitting it to the client,

wherein the digital content service server generates a file encryption key through multi-stage
encryption of the service subscription key to encrypt the digital content files, and

wherein the client generates a file decryption key corresponding to the file encryption key
through the multi-stage encryption with the user access key and decrypts the encrypted digital
content files.

2. The method of claim 1, wherein the step for generating a service subscription key based on
user information from the client and transmitting it to the digital content service server comprises
the steps of:

receiving user information of the client through the digital content service server;

encrypting the user information and information on the digital content service server
through a predetermined encryption algorithm to generate the service subscription key;

storing the user information and the digital content service server and the service
subscription key; and

transmitting the service subscription key to the digital content service server.

3. The method of claim 1 or claim 2, wherein the user information contains resident 
registration number and name information of the client. 

4. The method of claim 2, wherein the information on the digital content service server
contains number information of the digital content service server.

5. The method of claim 2, wherein the encryption algorithm is a twofish algorithm. 

6. The method of claim 1, wherein the step for generating a user access key based on system
information of the client terminal and transmitting it to the client comprises the steps of:

generating a user access key based on system information of the client terminal and
transmitting it to the client;

generating a first token key through encryption of the system information by applying a
predetermined encryption algorithm with a predetermined key value;

generating a second token key through encryption of a predetermined random value by
adopting the algorithm with the first token key;

generating an encryption initial key of the digital content file through encryption of the
service subscription key by adopting the algorithm;

generating a third token key through encryption of the generated file encryption initial key
by adopting the algorithm with the second token key;

generating a user access key by adding the random value to the third token key; and

transmitting the user access key to the client.

7. The method of claim 6, wherein the system information contains at least kind of CPU,
count number and page size information of a hard disk.

8. The method of claim 6, wherein the encryption algorithm is a twofish algorithm. 

9. A method for preventing copy of digital contents by a client accessed to a digital content
service server through a network, with the digital content service server receiving a service
subscription key from a networked authentication server, with the digital content service server
encrypting the digital content files using a file encryption key that is generated through multi-phase
encryption of the service subscription key, comprising the steps of:

transmitting terminal system information of the client to the authentication server;

receiving, from the authentication server, a user access key generated based on the
system information;

generating, with the user access key, a file decryption key corresponding to the file
encryption key; and

encrypting the encrypted digital content file with the generated file decryption key,

wherein the authentication server generates the service subscription key through encryption
of information on a user who is accessed to the digital content service server and through
encryption of information on the digital content service server.

10. The method of claim 9, wherein the system information contains at least kind of CPU,
count number and page size information of a hard disk.

11. The method of claim 9, wherein the user access key includes a file encryption initial key
that is generated by encrypting the service subscription key with a predetermined encryption
algorithm and the authentication server random value, with the file encryption initial key being
generated by encrypting user information on the client and information on the digital content
service server with a first file encryption key that is generated by encrypting the service
subscription key with a predetermined key value.

12. The method of claim 9, generating a file decryption key corresponding to the file
encryption key with the user access key comprises the steps of:

generating a first file decryption key by encrypting the system information with a
predetermined first key value;

generating a second file decryption key by encrypting the authentication server random
value among the user access keys with the first file decryption key;

generating a file encryption initial key by decrypting the encrypted file encryption initial
key among the user access keys with the second file decryption key;

generating a third file decryption key by encrypting the authentication server random value
with a predetermined second key value; and

generating a file decryption key corresponding to the file encryption key by encrypting,
with the third file decryption key, the file encryption initial key, the digital content file ID, and the
authentication server random value.

13. An apparatus for preventing copy of digital content files by an authentication server
accessed to a digital content service server through a network, with the digital content service server
providing an encrypted digital content file to a client, comprising:

a means for generating a service subscription key based on user information from the client
and transmitting it to the digital content service server; and

a means for generating a user access key based on system information of the client
terminal and transmitting it to the client,

wherein the digital content service server generates a file encryption key through multi-stage
encryption of the service subscription key to encrypt the digital content files, and

wherein the client generates a file decryption key corresponding to the file encryption key
through the multi-stage encryption with the user access key and decrypts the encrypted digital
content files.

14. The apparatus of claim 13, wherein the means for generating a service subscription key
based on user information from the client and transmitting it to the digital content service server
comprises:

a means for receiving user information of the client through the digital content service
server;

a means for encrypting the user information and information on the digital
content service server through a predetermined encryption algorithm to generate the service
subscription key;

a means for storing the user information and the digital content service server and the
service subscription key; and

a means for transmitting the service subscription key to the digital content service server.

15. The apparatus of claim 14, wherein the user information contains resident registration
number and name information of the client.

16. The apparatus of claim 14, wherein the information on the digital content service server
contains number information of the digital content service server.

17. The apparatus of claim 14, wherein the encryption algorithm is a twofish algorithm. 

18. The apparatus of claim 13, wherein the means for generating a user access key based on
system information of the client terminal and transmitting it to the client comprises:

a means for generating a user access key based on system information of the client
terminal and transmitting it to the client;

a means for generating a first token key through encryption of the system information by
applying a predetermined encryption algorithm with a predetermined key value;

a means for generating a second token key through encryption of a predetermined random
value by adopting the algorithm with the first token key;

a means for generating an encryption initial key of the digital content file through
encryption of the service subscription key by adopting the algorithm;

a means for generating a third token key through encryption of the generated file
encryption initial key by adopting the algorithm with the second token key;

a means for generating a user access key by adding the random value to the third token
key; and

a means for transmitting the user access key to the client.

19. The apparatus of claim 18, wherein the system information contains at least kind of CPU, 
count number and page size information of a hard disk. 

20. The apparatus of claim 18, wherein the encryption algorithm is a twofish algorithm.

21. An apparatus for preventing copy of digital contents by a client accessed to a digital
content service server through a network, with the digital content service server receiving a service
subscription key from a networked authentication server, with the digital content service server
encrypting the digital content files using a file encryption key that is generated through multi-phase
encryption of the service subscription key, comprising:

a means for transmitting terminal system information of the client to the authentication
server;

a means for receiving, from the authentication server, a user access key generated based on
the system information; and

a means for generating, with the user access key, a file decryption key corresponding to the
file encryption key;

wherein the authentication server generates the service subscription key through encryption
of information on a user who is accessed to the digital content service server and through
encryption of information on the digital content service server.

Description of Drawings

user according to seed key generation
208: Generate user authentication subscription complete message
210: Transmit the seed key and the authenticated user registration complete message
212: Storing the seed key
214: Generate service subscription complete message
216: Transmit the service subscription complete message

Fig. 3

Input whitening
1st round
15th round
16th round
Output whitening

Fig. 4

Client
Digital content service server
Authentication server
400: User information input
402: Service subscription cancellation request
404: Decision on service subscription
405: Digital content service server number, user information and seed key input
408: User authentication cancellation request
410: Decision on authenticated user
412: User authentication cancellation
414: Generating user authentication cancellation complete message
416: Completing user authentication cancellation
418: Generating service subscription cancellation complete message
420: Completing service subscription cancellation

Fig. 5 

Client 

Digital content service server 

Authentication server 

500: Request digital content file 

502: Decision on service subscription 

504: Multi-phase encryption of related digital content file 

506: Transmit encrypted digital content file 

508: Store digital content file 

510: Extract system information 

512: Request token following the transmission of system information 

514: Token generation 

516: Token transmission 

518: Generate digital content decryption key according to token 

520: Decrypt digital content file with decryption key and run the file 

Fig. 6 

Division 

Byte numbers 

Content (example) 

File description 

Target encryption file ID 

Username 

Preliminary flag 

Total size of target encryption file 

Total size of Header+Body+Extension 

Total size of encrypted file 

Checksum of target encryption file 

Version of available smart card 

Random of service server 

Key verification value to verify validity of FKey 

Verification checksum of file header 

Total 

Fig. 7 

Start 

S700: Authentication server generates seed key at the request of client's service subscription and transmits 
to digital content service server. 

S702: Digital content service server generates file encryption key through multi-stage encryption with the 
seed key to encrypt file. 

S704: Authentication server generates user access key through multi-stage encryption with client's system 
information and transmits to client. 

S706: Client decrypts file with decryption key generated through encryption with the user access key and 
runs the file. 

End 

Fig. 8 

Start 

S800: Generate 1st file encryption key by encrypting seed key with predetermined key 

S802: Generate 2nd encryption key by encrypting seed key, user information and information of digital 
content service server with the 1st file encryption key 

S804: Generate 3rd file encryption key by encrypting random value of digital content service server with 
the 2nd file encryption key 

S806: Generate file encryption key by encrypting 2nd file encryption key, file ID and random value with 
the 3rd file encryption key 

S808: Verify validity of the generated file encryption key 

S810: Encrypt digital content file with the file encryption key 

End 
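The four-phase key ladder of Fig. 8 (S800 to S808), as an added sketch that is not the patent's own code. HMAC-SHA256 stands in for the cipher, which the figure does not name; the key check value models the "key verification value" field of Fig. 6; all function names and sample values are constructed.

```python
import hashlib
import hmac

def E(key: bytes, *fields: bytes) -> bytes:
    """Keyed step standing in for "encrypt <fields> with <key>" (assumption:
    HMAC-SHA256; the figure does not name the cipher). Fields are
    length-prefixed so (b"ab", b"c") and (b"a", b"bc") cannot collide."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

def derive_file_key(predetermined, seed, user_info, server_info,
                    server_random, file_id):
    k1 = E(predetermined, seed)                   # S800: 1st key
    k2 = E(k1, seed, user_info, server_info)      # S802: 2nd key
    k3 = E(k2, server_random)                     # S804: 3rd key
    return E(k3, k2, file_id, server_random)      # S806: file encryption key

def key_check_value(fkey: bytes) -> bytes:
    """Short value stored in the file header so a derived key can be
    validated without decrypting content (hypothetical construction)."""
    return E(fkey, b"fkey-check")[:8]

def verify_file_key(fkey: bytes, stored_kcv: bytes) -> bool:
    # S808: constant-time comparison against the header value
    return hmac.compare_digest(key_check_value(fkey), stored_kcv)

# Constructed sample inputs, not values from the patent.
SAMPLE = dict(
    predetermined=b"\x01" * 16,
    seed=b"seed-key-from-auth-server",
    user_info=b"alice",
    server_info=b"content-server-07",
    server_random=bytes(range(16)),
    file_id=b"FILE-0001",
)

if __name__ == "__main__":
    fkey = derive_file_key(**SAMPLE)
    kcv = key_check_value(fkey)
    other = derive_file_key(**{**SAMPLE, "file_id": b"FILE-0002"})
    wrong = derive_file_key(**{**SAMPLE, "seed": b"guessed-seed"})
    print("file key     :", fkey.hex())
    print("per-file keys:", fkey != other)
    print("wrong seed   :", verify_file_key(wrong, kcv))
```

Because the file ID and the server random enter only at the last phases, one seed key yields a distinct key per file, while a key derived from a wrong seed fails the header check before any content is processed.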

Fig. 9 

Start 

S900: Generate 1st token key by encrypting system information from client with predetermined key value 

S902: Generate 2nd token key by encrypting random value with 1st token key 

S904: Generate 3rd token key by encrypting 2nd file encryption key in use seed key with the 2nd token key 

S906: Generate token by adding random value to the 3rd token key and transmitting to client 

End 

Fig. 10 

Start 

S1000: Encrypt system information with predetermined key value and generate 1st decryption key 

S1002: Generate 2nd decryption key by encrypting random value with the 1st decryption key 

S1004: Generate 3rd decryption key by decrypting token from authentication server with the 2nd decryption 
key 

S1006: Verify validity of the 3rd decryption key 

S1008: Generate 4th decryption key by encrypting random value with predetermined key value 

S1010: Generate file decryption key by encrypting the 3rd decryption key, file ID and random value with 
the 4th decryption key 

S1012: Verify validity of the file decryption key 

S1014: Decrypt digital content file with the file decryption key and run the file 

End 
Authentication server generates user 
access key through multi-stage encryption 
with client's system information 
and transmits to client. 

the user access key and runs the file. 